Comprehensive data protection for all workloads
Post Reply
anushabesta
Lurker
Posts: 1
Liked: never
Joined: Feb 07, 2024 8:17 pm
Full Name: anusha besta
Contact:

CASE#07121136 - Hashing Algorithms Audit Query

Post by anushabesta »

Hi Team,

It is regarding Veeam backup and replication.

One of our clients is going through an audit and auditor requesting to change the hashing algorithm to SHA-2 instead of SHA-1 to meet their standards.

Veeam support engineer mentioned that we cannot change to SHA-2. However, he does not have a reason why it is not possible to change? or if there are any future plans to include SHA-2 in future VBR releases? If yes, when.

Also, the clients' auditors are asking them for a business reason and to justify the use of SHA-1 and SHA-256 in their environment as opposed to available SHA-2 options.

Please advise.

Please refer the support case for more information.

Thanks!
PetrM
Veeam Software
Posts: 3626
Liked: 608 times
Joined: Aug 28, 2013 8:23 am
Full Name: Petr Makarov
Location: Prague, Czech Republic
Contact:

Re: CASE#07121136 - Hashing Algorithms Audit Query

Post by PetrM »

Hello and Welcome to Veeam R&D Forums!

An option to switch the hashing algorithm to SHA-2 is not implemented in the code, that's why it is not possible to change the currently used algorithm. I'm not ready to share any plans regarding SHA-2 support, the task requires significant engineering resources, at least from the product quality control perspective: if we decide to do it, we'll need to re-test all the usage scenarios that include such operations as certificate thumbprint and HMAC generation (maybe something else), and it takes time.

Anyway, your request is noted and we'll discuss it internally.

Thanks!
Post Reply

Who is online

Users browsing this forum: Mildur and 26 guests